[Snort-users] probe packet?

Vincent Chen vctw at ...131...
Thu Feb 14 19:00:03 EST 2002


Dear all,

I got a lot of the following packet recently. They
seems trying to scan ssh,rpc,printer and created
by the same tool. Any one know which tool created
them?

BTW: Is there a good place to discuss this kind of
clue or attacker's intention?


Thanks,

02/12-00:04:13.867209 61.211.225.15:3952 ->
61.223.0.69:111
TCP TTL:52 TOS:0x0 ID:9599 IpLen:20 DgmLen:60 DF
******S* Seq: 0x91940B3C  Ack: 0x0  Win: 0x7D78 
TcpLen: 40
TCP Options (5) => MSS: 1452 SackOK TS: 60908434 0 NOP
WS: 0 
0x0000: 02 00 00 00 45 00 00 3C 25 7F 40 00 34 06 C4
36  ....E..<%. at ...4982...
0x0010: 3D D3 E1 0F 3D DF 00 45 0F 70 00 6F 91 94 0B
3C  =...=..E.p.o...<
0x0020: 00 00 00 00 A0 02 7D 78 59 AD 00 00 02 04 05
AC  ......}xY.......
0x0030: 04 02 08 0A 03 A1 63 92 00 00 00 00 01 03 03
00  ......c.........

__________________________________________________
Do You Yahoo!?
Got something to say? Say it better with Yahoo! Video Mail 
http://mail.yahoo.com




More information about the Snort-users mailing list